mirror of
https://github.com/archlinuxarm/PKGBUILDs.git
synced 2024-11-18 22:54:00 +00:00
88 lines
3.5 KiB
Diff
88 lines
3.5 KiB
Diff
From 6b1b6d3a8555075e23cca89335e855d55f35fba9 Mon Sep 17 00:00:00 2001
|
|
From: Zhenyao Mo <zmo@chromium.org>
|
|
Date: Thu, 29 Mar 2018 23:48:19 +0000
|
|
Subject: [PATCH] Allow `stat` in Linux for GPU process for a list of files.
|
|
|
|
This is to unblock certain NVidia driver's glReadPixels calls in the sandboxed
|
|
GPU process.
|
|
|
|
Note that the needed file /dev/nvidiactl is already in the list for read/write.
|
|
|
|
BUG=817400
|
|
TEST=manual
|
|
R=tsepez@chromium.org
|
|
|
|
Change-Id: I9074a8335a9c4df1487f5a288d5e284bbedf67c3
|
|
Reviewed-on: https://chromium-review.googlesource.com/965462
|
|
Reviewed-by: Zhenyao Mo <zmo@chromium.org>
|
|
Reviewed-by: Tom Sepez <tsepez@chromium.org>
|
|
Reviewed-by: Robert Sesek <rsesek@chromium.org>
|
|
Reviewed-by: Kenneth Russell <kbr@chromium.org>
|
|
Commit-Queue: Zhenyao Mo <zmo@chromium.org>
|
|
Cr-Commit-Position: refs/heads/master@{#547027}
|
|
---
|
|
content/gpu/gpu_sandbox_hook_linux.cc | 5 ++++-
|
|
.../service_manager/sandbox/linux/bpf_gpu_policy_linux.cc | 15 ++++++++++++++-
|
|
2 files changed, 18 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/content/gpu/gpu_sandbox_hook_linux.cc b/content/gpu/gpu_sandbox_hook_linux.cc
|
|
index ddd7b99485fe..cd914e2f9926 100644
|
|
--- a/content/gpu/gpu_sandbox_hook_linux.cc
|
|
+++ b/content/gpu/gpu_sandbox_hook_linux.cc
|
|
@@ -153,6 +153,7 @@ void AddStandardGpuWhiteList(std::vector<BrokerFilePermission>* permissions) {
|
|
static const char kDriCardBasePath[] = "/dev/dri/card";
|
|
static const char kNvidiaCtlPath[] = "/dev/nvidiactl";
|
|
static const char kNvidiaDeviceBasePath[] = "/dev/nvidia";
|
|
+ static const char kNvidiaDeviceModeSetPath[] = "/dev/nvidia-modeset";
|
|
static const char kNvidiaParamsPath[] = "/proc/driver/nvidia/params";
|
|
static const char kDevShm[] = "/dev/shm/";
|
|
|
|
@@ -172,6 +173,8 @@ void AddStandardGpuWhiteList(std::vector<BrokerFilePermission>* permissions) {
|
|
permissions->push_back(BrokerFilePermission::ReadWrite(
|
|
base::StringPrintf("%s%d", kNvidiaDeviceBasePath, i)));
|
|
}
|
|
+ permissions->push_back(
|
|
+ BrokerFilePermission::ReadWrite(kNvidiaDeviceModeSetPath));
|
|
permissions->push_back(BrokerFilePermission::ReadOnly(kNvidiaParamsPath));
|
|
}
|
|
|
|
@@ -262,9 +265,9 @@ sandbox::syscall_broker::BrokerCommandSet CommandSetForGPU(
|
|
sandbox::syscall_broker::BrokerCommandSet command_set;
|
|
command_set.set(sandbox::syscall_broker::COMMAND_ACCESS);
|
|
command_set.set(sandbox::syscall_broker::COMMAND_OPEN);
|
|
+ command_set.set(sandbox::syscall_broker::COMMAND_STAT);
|
|
if (IsChromeOS() && options.use_amd_specific_policies) {
|
|
command_set.set(sandbox::syscall_broker::COMMAND_READLINK);
|
|
- command_set.set(sandbox::syscall_broker::COMMAND_STAT);
|
|
}
|
|
return command_set;
|
|
}
|
|
diff --git a/services/service_manager/sandbox/linux/bpf_gpu_policy_linux.cc b/services/service_manager/sandbox/linux/bpf_gpu_policy_linux.cc
|
|
index bc16952c0898..d683aacc76f4 100644
|
|
--- a/services/service_manager/sandbox/linux/bpf_gpu_policy_linux.cc
|
|
+++ b/services/service_manager/sandbox/linux/bpf_gpu_policy_linux.cc
|
|
@@ -61,7 +61,20 @@ ResultExpr GpuProcessPolicy::EvaluateSyscall(int sysno) const {
|
|
case __NR_open:
|
|
#endif // !defined(__aarch64__)
|
|
case __NR_faccessat:
|
|
- case __NR_openat: {
|
|
+ case __NR_openat:
|
|
+#if defined(__NR_stat)
|
|
+ case __NR_stat:
|
|
+#endif
|
|
+#if defined(__NR_stat64)
|
|
+ case __NR_stat64:
|
|
+#endif
|
|
+#if defined(__NR_fstatat)
|
|
+ case __NR_fstatat:
|
|
+#endif
|
|
+#if defined(__NR_newfstatat)
|
|
+ case __NR_newfstatat:
|
|
+#endif
|
|
+ {
|
|
auto* broker_process = SandboxLinux::GetInstance()->broker_process();
|
|
DCHECK(broker_process);
|
|
return Trap(BrokerProcess::SIGSYS_Handler, broker_process);
|
|
--
|
|
2.16.2
|
|
|